sq_util::get_subkey() now returns an Option.

Not finding any subkey is not an error.

card-functionality/src/util.rs

@@ -35,22 +35,22 @@ pub(crate) fn upload_subkeys(
         KeyType::Decryption,
         KeyType::Authentication,
     ] {
-        let vka = get_subkey(cert, policy, *kt)?;
+        if let Some(vka) = get_subkey(cert, policy, *kt)? {
+            // store fingerprint as return-value
+            let fp = vka.fingerprint().to_hex();
+            // store key creation time as return-value
+            let creation = vka
+                .creation_time()
+                .duration_since(SystemTime::UNIX_EPOCH)
+                .unwrap()
+                .as_secs() as u32;
 
-        // store fingerprint as return-value
-        let fp = vka.fingerprint().to_hex();
-        // store key creation time as return-value
-        let creation = vka
-            .creation_time()
-            .duration_since(SystemTime::UNIX_EPOCH)
-            .unwrap()
-            .as_secs() as u32;
+            out.push((fp, creation.into()));
 
-        out.push((fp, creation.into()));
-
-        // upload key
-        let cuk = vka_as_uploadable_key(vka, None);
-        ca.key_import(cuk, *kt)?;
+            // upload key
+            let cuk = vka_as_uploadable_key(vka, None);
+            ca.key_import(cuk, *kt)?;
+        }
     }
 
     Ok(out)

openpgp-card-sequoia/src/main.rs

@@ -117,29 +117,32 @@ fn main() -> Result<(), Box<dyn Error>> {
         let cert = Cert::from_file(TEST_KEY_PATH)?;
         let p = StandardPolicy::new();
 
-        println!("Upload decryption key");
-        let vka = openpgp_card_sequoia::sq_util::get_subkey(
-            &cert,
-            &p,
-            KeyType::Decryption,
-        )?;
-        admin.upload_key(vka, KeyType::Decryption, None)?;
-
-        println!("Upload signing key");
-        let vka = openpgp_card_sequoia::sq_util::get_subkey(
+        if let Some(vka) = openpgp_card_sequoia::sq_util::get_subkey(
             &cert,
             &p,
             KeyType::Signing,
-        )?;
-        admin.upload_key(vka, KeyType::Signing, None)?;
+        )? {
+            println!("Upload signing key");
+            admin.upload_key(vka, KeyType::Signing, None)?;
+        }
 
-        println!("Upload auth key");
-        let vka = openpgp_card_sequoia::sq_util::get_subkey(
+        if let Some(vka) = openpgp_card_sequoia::sq_util::get_subkey(
+            &cert,
+            &p,
+            KeyType::Decryption,
+        )? {
+            println!("Upload decryption key");
+            admin.upload_key(vka, KeyType::Decryption, None)?;
+        }
+
+        if let Some(vka) = openpgp_card_sequoia::sq_util::get_subkey(
             &cert,
             &p,
             KeyType::Authentication,
-        )?;
-        admin.upload_key(vka, KeyType::Authentication, None)?;
+        )? {
+            println!("Upload auth key");
+            admin.upload_key(vka, KeyType::Authentication, None)?;
+        }
 
         println!();
 

openpgp-card-sequoia/src/sq_util.rs

@@ -25,12 +25,13 @@ use openpgp_card::KeyType;
 
 /// Retrieve a (sub)key from a Cert, for a given KeyType.
 ///
-/// If no, or multiple suitable (sub)keys are found, an error is thrown.
+/// Returns Ok(None), if no such (sub)key exists.
+/// If multiple suitable (sub)keys are found, an error is returned.
 pub fn get_subkey<'a>(
     cert: &'a Cert,
     policy: &'a dyn Policy,
     key_type: KeyType,
-) -> Result<ValidErasedKeyAmalgamation<'a, SecretParts>> {
+) -> Result<Option<ValidErasedKeyAmalgamation<'a, SecretParts>>> {
     // Find all suitable (sub)keys for key_type.
     let valid_ka = cert
         .keys()
@@ -47,8 +48,10 @@ pub fn get_subkey<'a>(
 
     let mut vkas: Vec<_> = valid_ka.collect();
 
-    if vkas.len() == 1 {
-        Ok(vkas.pop().unwrap())
+    if vkas.is_empty() {
+        Ok(None)
+    } else if vkas.len() == 1 {
+        Ok(Some(vkas.pop().unwrap()))
     } else {
         Err(anyhow!(
             "Unexpected number of suitable (sub)key found: {}",